aedfcb5042b52b95149480f044299a08_JaffaCakes118 | Triage

Sharing

General

Target

aedfcb5042b52b95149480f044299a08_JaffaCakes118
Size

284KB
MD5

aedfcb5042b52b95149480f044299a08
SHA1

95317dc2b7a28a6f090549b92bb97586ace8f9bc
SHA256

78ae99ef4655ee5cd3976cb312427829438a065eeb66131d107fb0d7793e2330
SHA512

15da4c9d6596a3b8ed72229036230b3c6a9c9614e9b1d45369b3da40fbb936bdbb26be449fd51aff86168a009123dca5a765b8c57e09849a2b23c050319742bf
SSDEEP

6144:9WU0ISo94Pg4G5+S1dWIrzW5zPk8OL0WPQWK0l+kQl:94vo94hG5+orz5O8QQ5Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aedfcb5042b52b95149480f044299a08_JaffaCakes118

Files

aedfcb5042b52b95149480f044299a08_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2eba59c29a0a899044e3715ecbb88c09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GlobalAddAtomW
EnumResourceNamesA
LockResource
FindResourceExA
MultiByteToWideChar
LoadResource
FindNextFileW
GetModuleHandleA
GetProcAddress
EnumResourceLanguagesA
FormatMessageA
EnumResourceNamesA
SetLastError
GetProcessHeap
FindFirstFileW
HeapFree
GetCurrentDirectoryA
InterlockedExchange
HeapAlloc
RaiseException
LoadLibraryW
SizeofResource
GetCurrencyFormatA
GetLastError
GlobalFree
GetCommandLineA
LocalFree
EnumResourceTypesA
FindFirstFileA
Sleep

user32

EnumWindows
wsprintfW
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
wsprintfA

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

Sections

.text
Size: 152KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ